CVE-2026-30704 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: March 19, 2026
WiFi Extender WDR201A - Insecure Hardware Interface
Overview
WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 contains an insecure UART interface caused by unprotected hardware pads on the PCB, letting attackers access the device hardware interface, exploit requires physical access to the device.
Severity & Score
Impact
Attackers with physical access can interact with the device hardware, potentially leading to device compromise or data extraction.
Mitigation
Restrict physical access or update firmware to secure UART interface if available.
References
- https://mstreet97.github.io/security-research/iot/vulnerability-disclosure/cybersecurity/cve/2026/02/18/From-Blackbox-to-Whitebox-Multiple-CVEs-in-a-Consumer-WiFi-Extender.html
- https://www.made-in-china.com/showroom/yeapook/#:~:text=Established%20in%202015.%2CDistrict%2C%20Shenzhen%2C%20Guangdong%2C%20China
Social Media Activity(2 posts)
š“ CVE-2026-30704 - Critical (9.1) The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) exposes an unprotected UART interface through accessible hardware pads on the PCB š https://www.thehackerwire.com/vulnerability/CVE-2026-30704/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postš“ CVE-2026-30704 - Critical (9.1) The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) exposes an unprotected UART interface through accessible hardware pads on the PCB š https://www.thehackerwire.com/vulnerability/CVE-2026-30704/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-30704
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- undefined
- Status
- unconfirmed
- EPSS
- 4.4%
- Social Posts
- 2
CWE
- CWE-912
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H